Files
CFDivePlatform/tests/Feature/AdminVerificationTest.php
T
a620906209 43720482c4
Run Tests / test (pull_request) Successful in 2m3s
feat(verification): 教練審核流程完整版——狀態機/證照送審/Admin 裁決/通知
實作 openspec change provider-verification-workflow(25/25 tasks):
- is_verified 升級為 verification_status 四狀態機(unsubmitted/pending/
  approved/rejected),migration 自動轉換既有資料,API 以 accessor 保留
  is_verified 相容輸出
- 教練端:證照上傳(≤3 張、複用 CompressesImages)、送審、駁回原因
  顯示與重送(/coach/verification 新頁面)
- Admin 端:審核佇列、通過/駁回(原因必填)、撤銷 approved;移除
  toggle-verified 端點(防繞過狀態機);裁決後 flush 課程快取
- 通知:審核通過/駁回(站內+Email,駁回含原因)
- 可見性與預約入口改判 approved(行為等價)
- 測試 +18(ProviderVerificationTest 10、AdminVerificationTest 8),
  既有 4 個測試檔 helper 遷移;Swagger 同步
- 規格同步:provider-verification 全面改寫、admin-user-management
  toggle 段落改為移除聲明

容器內全套件 173 passed / 439 assertions。

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
2026-06-12 00:26:12 +08:00

152 lines
5.4 KiB
PHP

<?php
namespace Tests\Feature;
use App\Models\ProviderProfile;
use App\Models\User;
use App\Notifications\ProviderVerificationApprovedNotification;
use App\Notifications\ProviderVerificationRejectedNotification;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Illuminate\Support\Facades\Notification;
use Tests\TestCase;
/**
* Admin 審核裁決(provider-verification / admin-user-management 規格)。
*
* 審核是平台對教練資質的把關承諾:駁回必須有原因(教練的申訴與
* 補正依據)、裁決必須走狀態機(不可對未送審者直接通過)、
* 舊 toggle 後門必須保持關閉。
*/
class AdminVerificationTest extends TestCase
{
use RefreshDatabase;
protected function setUp(): void
{
parent::setUp();
Notification::fake();
}
private function makeAdmin(): User
{
return User::factory()->create(['role' => 'admin']);
}
private function makeProvider(string $status): User
{
$provider = User::factory()->create(['role' => 'provider']);
ProviderProfile::create(['user_id' => $provider->id, 'verification_status' => $status]);
return $provider;
}
// ── 佇列 ─────────────────────────────────────────────────
public function test_queue_defaults_to_pending_only(): void
{
$pending = $this->makeProvider('pending');
$this->makeProvider('unsubmitted');
$this->makeProvider('approved');
$response = $this->actingAs($this->makeAdmin())->getJson('/api/admin/verifications');
$response->assertOk();
$ids = array_column($response->json('data'), 'user_id');
$this->assertSame([$pending->id], $ids);
}
public function test_queue_can_filter_all_statuses(): void
{
$this->makeProvider('pending');
$this->makeProvider('approved');
$response = $this->actingAs($this->makeAdmin())->getJson('/api/admin/verifications?status=all');
$this->assertCount(2, $response->json('data'));
}
// ── 裁決狀態機 ───────────────────────────────────────────
public function test_approve_pending_provider_and_notify(): void
{
$provider = $this->makeProvider('pending');
$this->actingAs($this->makeAdmin())
->putJson("/api/admin/verifications/{$provider->id}/approve")
->assertOk();
$this->assertSame('approved', $provider->providerProfile->fresh()->verification_status->value);
Notification::assertSentTo($provider, ProviderVerificationApprovedNotification::class);
}
public function test_reject_requires_reason(): void
{
$provider = $this->makeProvider('pending');
$this->actingAs($this->makeAdmin())
->putJson("/api/admin/verifications/{$provider->id}/reject")
->assertStatus(422);
$this->assertSame('pending', $provider->providerProfile->fresh()->verification_status->value);
}
public function test_reject_pending_provider_stores_reason_and_notifies(): void
{
$provider = $this->makeProvider('pending');
$this->actingAs($this->makeAdmin())
->putJson("/api/admin/verifications/{$provider->id}/reject", ['reason' => '證照已過期'])
->assertOk();
$profile = $provider->providerProfile->fresh();
$this->assertSame('rejected', $profile->verification_status->value);
$this->assertSame('證照已過期', $profile->rejection_reason);
Notification::assertSentTo($provider, ProviderVerificationRejectedNotification::class);
}
public function test_cannot_approve_unsubmitted_provider(): void
{
$provider = $this->makeProvider('unsubmitted');
$this->actingAs($this->makeAdmin())
->putJson("/api/admin/verifications/{$provider->id}/approve")
->assertStatus(422);
}
public function test_can_revoke_approved_provider_with_reason(): void
{
$provider = $this->makeProvider('approved');
$this->actingAs($this->makeAdmin())
->putJson("/api/admin/verifications/{$provider->id}/reject", ['reason' => '收到檢舉,資料不實'])
->assertOk();
$this->assertSame('rejected', $provider->providerProfile->fresh()->verification_status->value);
}
// ── 權限邊界與舊端點 ─────────────────────────────────────
public function test_non_admin_cannot_access_verification_endpoints(): void
{
$provider = $this->makeProvider('pending');
$member = User::factory()->create(['role' => 'member']);
$this->actingAs($member)->getJson('/api/admin/verifications')->assertStatus(403);
$this->actingAs($member)
->putJson("/api/admin/verifications/{$provider->id}/approve")
->assertStatus(403);
$this->actingAs($provider)
->putJson("/api/admin/verifications/{$provider->id}/approve")
->assertStatus(403);
}
public function test_legacy_toggle_verified_endpoint_is_removed(): void
{
$provider = $this->makeProvider('approved');
$this->actingAs($this->makeAdmin())
->putJson("/api/admin/providers/{$provider->id}/toggle-verified")
->assertStatus(404);
}
}